book

The Code of Honor

by Paul J. Maurer, Ed Skoudis

June 2024

Intermediate to advanced

224 pages

3h 55m

English

Wiley

Read now

Unlock full access

How Should You Read This Book?Why Are There Two Authors but Only One Voice?How Should You Approach the Critical Applications Case Studies?How Should You Use the Cybersecurity Code of Honor?A Challenge to Make the World a Better Place
In Case You Are Wondering Why You Should CareDo We Need Ethics in Cybersecurity?Long-Standing Models for the CodeWhy the Need for the Code Is UrgentNotes
Cybersecurity Is a Human BusinessHumans Have Inherent ValueHumans Over TechnologyThe Solution to the Problem of Cybersecurity Is Principally a Human SolutionCharacter Costs and Character PaysCase Study: When Security Is on the Chopping BlockNote
We Need You on That WallKnow Your Why—Purpose and PeopleService Means Sharing: Sharing Starts with Good CommunicationSharing with the Broader Cyber Community: We Are All on the Same WallChecking InA Final ExampleCase Study: Responsible Disclosure of a Security FlawNotes
Bad Decisions and MultiplicationHumans Are FlawedTurning Vulnerability into Strength: It Begins with HumilityBeing a Lifelong LearnerHandling the Mistakes of OthersLet's Try to Avoid “Breaking Bad”How to Develop a Reflective PracticeCase Study: To Pay or Not to Pay—A Ransomware QuandaryNote
The Secret of SuccessTrust Is the Currency of CybersecurityHow Trust Is BuiltWhen Things Go BadBuilding Trust Requires CourageThe Role of Leadership in Building a Culture of TrustA Checklist for Building TrustCase Study: A Matter of Trust and Data BreachesNote
No Room for Know-it-AllsMaking Informed Ethical Decisions with InputWhy Teamwork Really Does Make the Dream WorkWhen Collaboration Breaks Down—Seeking Allies in Your OrganizationThe Power of MentorsBeware of RattlesnakesCase Study: Graded on a Curve? The Security Audit Checkmark

Essential to Success: Patience, Wisdom, and Self-ControlRemember the TitanicA Few Principles for Emergency PlanningStay Calm, Cool, and CollectedOur Job Is Not RevengeDevelop Your Cyber Kung FuCase Study: An Open Door: Vigilante JusticeNote
If It's Free, It's for Me?Avoid a “Robin Hood” NarrativeA Tragedy of “Free Information”Intellectual Property Is PropertyTo Catch a Thief, We Must Train Like OneChoices Have ConsequencesAll I Really Need to Know I Learned in KindergartenCase Study: Something Borrowed and Something NewNotes
Curiosity Can Kill the CatThe Golden Rule Applied to CybersecurityStay in Your LaneFour Questions to Help Avoid ImproprietyEach Time You Cross the Line, It Becomes EasierWe Hurt Real Human BeingsAn Outrageous Example of the ProblemRemember: We Are the ShieldCase Study: To Share or Not to Share? Investigating the CFO's SystemNotes

Content preview from The Code of Honor

CHAPTER 4“Zero-Day” Humanity and Accountability

“I will strive to recognize, take ownership, and appropriately communicate my mistakes and exercise patience toward others who make errors.”

– The Cybersecurity Code of Honor

“Mistakes are a fact of life. It is the response to error that counts.”

– Nikki Giovanni

“It is unwise to be too sure of one's own wisdom. It is healthy to be reminded that the strongest might weaken and the wisest might err.”

– Mahatma Gandhi

Matt is a security engineer for one of the world's most widely used fintech platforms. He has been with the company for nearly four years and quickly worked his way up through the ranks from analyst to engineer because of his coding background and coding proficiency. He is driven and bright and is currently up for another promotion, specifically because of a new security program that his team designed and implemented last quarter. Days ago, Rima, a newer member of Matt's design team, discovered what she believed was a flaw in their new program. The flaw seemed to be the result of simple errors the team made in the development process. When she presented it to Matt, he quickly decided it wasn't significant enough to raise any alarms. He dismissed it as a minor defect that likely wouldn't be exploited and could be addressed sometime down the road. After all, his team had already been recognized at last week's company meeting for their innovation, and program implementation was already full steam ahead.